Vulnerability Description
<p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute arbitrary Javascript code on a target system.</p> <p>For the attack to be successful, the targeted user would need to browse to a malicious website or a website serving the malicious code through Xamarin.Forms.</p> <p>The security update addresses this vulnerability by preventing the malicious Javascript from running in the WebView.</p>
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Xamarin.Forms | - |
| Chrome | < 83.0.4103.106 |
Related Weaknesses (CWE)
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1687PatchVendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1687PatchVendor Advisory
FAQ
What is CVE-2020-16873?
CVE-2020-16873 is a vulnerability with a CVSS score of 4.7 (MEDIUM). <p>A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to the default settings on Android WebView version prior to 83.0.4103.106. This vulnerability could allow an attacker to execute ar...
How severe is CVE-2020-16873?
CVE-2020-16873 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-16873?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Xamarin.Forms, Google Chrome.